IE7 Beta 2 Preview Open to DoS Attack
41 Comments
Security researcher Tom Ferris says he has discovered a security vulnerability in the Beta 2 Preview release of Internet Explorer 7. The bug lies in the urlmon.dll file and causes the browser to crash when it encounters a URL with the "file://" protocol followed by a long string of dashes.
Ferris previously discovered security flaws in Firefox, IE6 and QuickTime. He notes that arbitrary code could be executed on a machine running Microsoft's newest beta browser, but his proof-of-concept code simply crashes the application. The issue has been reported to Microsoft and Ferris says it is only of medium severity.